Raspberry Foundation provides a tool called Pico Tool that is able to retrieve your firmware and compare it with the original firmware it should be run. If there is a mismatch, it will complaint.
- Download, build and install Pico Tool from their repository.
- Put your Pico in BOOTSEL mode.
$ picotool verify pico_hsm.uf2
And it will return OK if the firmware uploaded matches with the file you are comparing. If an attacker has modified your firmware, you will notice it easily.